Tools
The Tools menu provide access to three types of settings:
General
The following settings are available in this section:
Managing system preferences.
Managing auxiliary files in the database; interface to the file system of the computer or network.
Optimising the database content structuring.
Analysing the bandwidth and response times between the ADONIS application server and the database server.
Summary of used and available scenario licence slots.
Managing server restarts and server-related functionality.
Authentication
The following settings are available in this section:
Configuring authentication mechanisms.
Configuring the LDAP interface.
Configuring OAuth 2.0 authentication.
Configuring JWT authentication for REST requests.
Support
The following settings are available in this section:
Downloading a support information package (SIP) containing logging and system information.
Managing debug mode.
Managing maintenance mode.
System Preferences
To access the system preferences:
- Go to Home > More options, and then click System Preferences.
The System Preferences window opens. It contains the following tabs:
Password strength and login settings.
Enable the audit log.
These tabs are discussed in more detail in the following sections.
Security Settings
The following options are available:
Password Strength Settings
Here you can customise the password strength settings. The following options are available:
Minimal password strength
ADONIS determines the strength of passwords based on their length, complexity, and predictability and assigns them a value of 0 - 100%. Here you can set the minimum strength passwords must have: from very weak (0%), weak (20%), good (40%), strong (60%) to very strong (80%).
Custom password rule
By default, a new password must have at least 8 characters and contain at least one digit (e.g. 0-9) and uppercase as well as lowercase characters (e.g. A-Z, a-z). You can change this setting and specify a custom password rule via a regular expression pattern.
Examples of custom password rules
Passwords should have at least 5 characters and contain a lowercase character (e.g. a-z). The Custom password rule field should therefore read:
^(?=.*[a-z]).{5,}$Passwords should have at least 8 characters and contain a digit (e.g. 0-9), a lowercase character (e.g. a-z) and an uppercase character (e.g. A-Z). The Custom password rule field should therefore read:
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$Number of not allowed previous passwords
Specify the number of previous passwords that are stored by ADONIS and must not be reused on password change.
Maximum password age (days)
Specify the period of time (in days) that a password can be used before ADONIS requires the user to change it.
Minimum password age (days)
Specify the period of time (in days) that a password must be used before the user can change it.
Passwords must meet the minimum password strength settings (e.g., reach 60%) AND match the custom password rule (e.g., contain at least 8 characters and contain numeric and uppercase and lowercase characters).
Login Settings
Here you can customise security relevant login settings. The following options are available:
Number of allowed login failures
Choose a maximal number of allowed login failures before a user is disabled and cannot log in anymore.
System Preferences – Audit Log
Please refer to the section Enable Audit Log for details.
File Management
This tool allows managing auxiliary files (graphic files, scripts…) in the database. To open the file manager:
- Go to Home > More options, and then click File Management.
The Database File Management window opens. The following functions are available:
Search
Search for a file or folder in the database.
File and Folder Management
Create new folders, cut and paste files, rename files and folders, delete files and folders, refresh the content of the catalogue.
Export
Export files and folders from the database into the file system.
Import
Import external files into the database.
Only the super user Admin has full access to all files in the database.
Update Database Statistics
The contents of the database are subject to permanent change: models and objects are created and deleted, libraries imported and much more. Every action creates new information which - over time - slows down the database access. Therefore, it is advisable to update the catalogue statistics of the database system either after major reorganisations or periodically.
Database catalogue statistics are data about the distribution of table and index values which are consulted by the database system for query optimisation. Up-to-date catalogue statistics lead to more efficient execution plans resulting in considerably shorter system response times and thus speeding up the user's work.
To update the database statistics:
Go to Home > More options, and then click Update database statistics
Optional: Adapt the Maintenance method and Topic (table group) settings.
Click Execute.
Updating the database statistics can take a while. During the update other users will experience significant slowdowns in the database communication with ADONIS. Therefore, we recommend not updating the database statistics during times of heavy use.
Maintenance Method
When you update the database statistics, you can select the maintenance method:
Default settings
These are the default settings as defined in the configuration file
adoxx.confin the folder "<ADONIS installation>/conf".Statistics update
The database catalogue statistics are updated, while the indexes are not defragmented.
Defragmentation on leaf level
The indexes are defragmented on leaf level, and the database catalogue statistics are updated.
Index rebuild
The complete index is defragmented.
Index rebuild (online):
The complete index is defragmented while the index remains online. Not available for Oracle or PostgreSQL databases.
Topic (Table Group)
When you update the database statistics, you can select for which database tables the selected maintenance method should be performed:
All
Maintenance is performed for all database tables.
Migration (all data tables except library definition)
Maintenance is performed for all database tables containing ADONIS data which are relevant for migrations.
Repository (repository list, groups, models, objects and users, relations)
Maintenance is performed for all database tables which contain repository data including the repository list.
Models (groups, models, objects and users, relations)
Maintenance is performed for all database tables which contain repository data excluding the repository list.
Objects (groups, objects and users, relations)
Maintenance is performed for all database tables which contain object data.
Users (groups, objects and users, rights and system roles; no relations)
Maintenance is performed for all database tables which contain user data.
Metamodel (library definition)
Maintenance is performed for all database tables which contain the metamodel definition.
Analyse Bandwidth
This function allows you to perform a quick, superficial analysis of the bandwidth and response times between the ADONIS application server and the database server. To analyse the bandwidth:
Go to Home > More options, and then click Analyse Bandwidth.
Click Start.
Three files (1KB, 1MB, 10MB) will be generated in the user's temp directory. Then ADONIS measures how long it takes to
upload the files to the database (a temp directory will be created in the database),
download the files from the database and
delete the files from the database.
When the analysis is completed, you can compare your results with the reference values.
Licence Overview
This page shows you at a glance the total number of available scenario licences as well as the number of scenario licences currently in use. You can also find out quickly about all active ADONIS users including the time of login and the time of the last action. To open the Licence Overview page:
- Go to Home > More options, and then click Licence Overview.
If you have questions about the different types of licences or the difference between concurrent users and named users, please refer to the sections Product Licences vs. Scenario Licences and Named Users vs. Concurrent Users.
You can control whether actual login names are shown in this widget by setting the parameter
ADOXX_WEB_TRACK_LOGINS in the file adoxx_web_conf.js to true/false. This file can be found in the
folder “<ADONIS installation>\conf”.
Server
This page allows you to perform various maintenance tasks. To open the Server page:
- Go to Home > More options, and then click Server.
The following functionalities are available:
Restart Environment
Restart the application server and the web application. All users will be logged out. As soon as the application server is up and running again, and the web application is completely initialised, login is possible again.
Restart Web Application
Restart the web application. All web client users will be logged out. As soon as the web client is completely initialised, login is possible again.
Re-intialise search index
Reinitialize the search index if you if you are encountering problems with the search function in ADONIS. Depending on the number of models and objects in the database this process may take a few minutes.
Start LDAP synchronisation
Start the synchronization of users with an LDAP-compliant directory service according to the configuration specified on the Admin Page. The synchronization is triggered for all configured domains. During the synchronization, a progress bar provides information on the current status. After the synchronization, all newly synchronized users and any error codes are displayed for each domain.
noteFor questions about the necessary steps to enable synchronization, please refer to the Installation Manual.
Clear LDAP Cache
When synchronization of users with an LDAP-compliant directory service is enabled and the option
recursiveNodeLookupis enabled for one or more LDAP properties, ADONIS is caching results to speed up performance. To detect changes in the directory structure, this cache is automatically cleared when the web application is restarted, when you start LDAP synchronization here on the Admin Page, or when a periodic synchronization of users with LDAP is triggered.Use this button to clear the LDAP cache if
recursiveNodeLookupis enabled, there are changes in the directory structure, and you want to make sure that users that log in to the ADONIS web client for the first time will be assigned correctly to system roles, user groups and repositories.
General Settings
Use this page to edit authentication settings. To open the General Settings page:
- Go to Home > More options, and then click General Settings.
To ensure the security of client connections to the Admin Page, we strongly recommended to enable SSL communication in the web client if you plan on editing the authentication configuration. Install ADONIS according to the Installation Manual and configure SSL/TLS support on Tomcat.
To edit these settings, you need experience with JSON. If you need help, contact your ADONIS consultant.
The following functionalities are available:
SAML Settings
Modify the global basic configuration parameters for SAML connectors.
Security Settings
Adapt the brute force protection settings.
For details on how to configure the parameters please refer to section Configure Brute Force Protection Settings in the Installation Manual.
Licence Warnings
Configure Licence Warnings - automated email notifications when most of the available named users are already assigned for a specific scenario and action should be taken to extend the licence.
Language
Select the language for user group names, system role names etc. to be used in user mappings.
Upload Certificates
Upload certificates to use for signing and encryption during authentication and for data
synchronization with a directory service. To reference an uploaded certificate, you can use the
simple file name without any path information (e.g. BOC.jks).
Tracing
Turn on authentication trace logging in order to have additional authentication details logged in the web server logs. This is useful in the setup phase for authentication mechanisms such as SAML. Tracing will automatically be turned off on web server restart.
Reset Configuration
Reset the authentication settings to the factory settings. Any previously applied modifications will be lost.
Download Template
Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.
Connectors
All authentication mechanisms (= connectors) of the ADONIS web client are listed here. The authentication mechanisms can be used separately or in combination.
In principal, the following authentication mechanisms are available:
Standard (= the standard login page)
IDM
SAML
OIDC
Each of these authentication mechanisms can be configured to use LDAP coupling to fetch additional user data from a directory service.
The following settings are available:
Edit Connector
Click the button
.Delete Connector
Click the button
.Add Connector
Click the Add button
.
Save Changes
Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.
Configure Self-Service Password Reset
Self-service password reset lets ADONIS users reset their own passwords without having to contact their ADONIS administrator each time. They can simply click the "Forgot Password?" link on the login page, and will then receive an email with a link to reset their password.
Availability
This functionality is available if the mail component is configured and the Standard connector is used (= standard login page where the user can enter his or her username and password).
The mail component can only be configured in the Administration Toolkit. For details please refer to the section Mail in the Administration Help (Rich Client).
The following users CANNOT reset their password themselves:
ADONIS Administrators (users with global administrator rights)
Technical users
Users from an external user management system
Users without email address
Configuration
On the Admin Page, you can enable/disable the self-service password reset and configure how long a password reset link is valid. By default, this feature is enabled and the expiry time of the link is 30 minutes.
To configure the password reset properties:
Go to Home > More options, and then click General Settings.
Edit the Standard Login connector and save the changes afterwards.
Here is the relevant code snippet:
The following child properties of the property "properties" need to be added or modified:
password_reset_enabled
JSON object with the following properties:
"name": "password_reset_enabled"and"value"which may be"true"or"false"(to enable/disable password reset in self-service).password_reset_link_expires_in_minutes
JSON object with the following properties:
"name": "password_reset_link_expires_in_minutes"and"value"specifying how long a link is valid in minutes (default:"30").
Configure Licence Warnings
On the Admin Page, you can configure an automated email notification when most of the available named users are already assigned for a specific scenario and action should be taken to extend the licence.
Availability
This functionality is available if the mail component is configured.
The mail component can only be configured in the Administration Toolkit. For details please refer to the section Mail in the Administration Help (Rich Client).
Configuration
To configure the licence warnings:
Go to Home > More options, and then click General Settings.
Click the Licence Warnings button. Edit the settings and save the changes afterwards.
The following parameters are available:
notify-on-threshold-exceeded
Specify whether a notification is sent when the number of named users for a scenario has exceeded the configured threshold. Possible values are
"true"or"false".notify-on-threshold-recovery
Specify whether a notification is sent when the number of named users for a scenario has dropped below the configured threshold. Possible values are
"true"or"false".notification-recipient-email
Enter the email address that should receive the notifications.
notification-threshold
Specify the notification threshold. Enter the percentage of named users already assigned for a specific scenario that, when exceeded, triggers a licence warning.
LDAP
Use this page to edit LDAP settings. To open the LDAP page:
- Go to Home > More options, and then click LDAP.
To ensure the security of client connections to the Admin Page, we strongly recommended to enable SSL communication in the web client if you plan on editing the authentication configuration. Install ADONIS according to the Installation Manual and configure SSL/TLS support on Tomcat.
To edit these settings, you need experience with JSON. If you need help, contact your ADONIS consultant.
The following functionalities are available:
Upload Certificates
Upload certificates to use for signing and encryption during authentication and for data
synchronization with a directory service. To reference an uploaded certificate, you can use the
simple file name without any path information (e.g. BOC.jks).
Download Template
Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.
Domains
All configured domains are listed here.
The following settings are available:
Edit Domain Configuration
Click the button
.Delete Domain Configuration
Click the button
.Add Domain Configuration
Click the Add button
.
LDAP Settings
Modify the general parameters that apply to all domains.
Save Changes
Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.
OAuth 2.0
Use this page to edit OAuth 2.0 settings. To open the OAuth 2.0 page:
- Go to Home > More options, and then click OAuth 2.0.
The following functionalities are available:
Upload Logos
Upload logos to represent client applications. You can use these logos when you configure client data.
General Settings
Select the OAuth 2.0 enabled check box to enable OAuth 2.0.
Clients
All configured clients are listed here. The following settings are available:
Edit Client Configuration
Click the button
. The Client
Data form appears.Delete Client Configuration
Click the button
.Add Client Configuration
Click the Add button
. The
Client Data form appears.
Save Changes
Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.
Client Data
When you add a new client or edit an exisiting client on the OAuth 2.0 page, the Client Data form appears. You can enter and edit the following data:
Type: Select the client type. Confidential clients are e.g. centralized, server based applications, which are capable of securely storing client secrets. Public clients are e.g. purely client based applications and native apps which are not capable of securely storing client secrets.
ID: The ID of the client system. Must be unique among the clients, should be kept simple as special characters need to be URL encoded.
Name: The name of the client application. Will be shown on the user interface.
Redirect URI: The URL of a redirect endpoint inside the client application which will be called by the authorization server when issuing an authorization code.
The Redirect URI is unnecessary when using the Client Credentials Flow, however the Client Data form requires this field to be filled (mandatory for Authorization Code Flow).
Logo: Select a logo to represent the client application (must be uploaded first on the OAuth 2.0 page). Will be shown on the user interface.
Access Token Validity (Seconds): The time in seconds how long an access token is valid until it expires. Default: 1800s = 30 minutes.
Refresh Token Validity (Seconds): The time in seconds how long an refresh token is valid until it expires. Default: 1209600s = 14 days.
Secret: The secret to use for client authentication. You can click Generate to generate a new secret or manually specify one.
Click Save after completing the Client Data form, and then click Save changes to save the OAuth 2.0 page.
JWT (REST)
How to configure the settings on the JWT (REST) page is explained as part of REST API documentation in the Administration Help (Rich Client). For details please refer to the section Enable JWT Authentication for ADONIS .
Information
This page allows you to download support information packages in different sizes. A support information package contains log files of the application server, log files of the web server including the web application as well as configuration files within an encrypted Zip archive. To open the Information page:
- Go to Home > More options, and then click Information.
The following sizes are available:
Support Package SMALL
Downloads log files from the last 24 hours.
Support Package MEDIUM
Downloads log files from the last week.
Support Package LARGE
Downloads all log files.
Download Support Information Package when Access to the Admin Page is not possible
You can still download the support package when the Admin Page cannot be reached in case of an error. In order to do so:
- Open a web browser and navigate to "http://<SERVER_NAME>:<TOMCAT_PORT>/ADONIS16_0/supportinformation".
<SERVER_NAME> is the name of the server machine, <TOMCAT_PORT> is the port at which Apache Tomcat is accessible (by default this is 8000).
Example
If you are running the web client locally, the URL should look like this:
"http://localhost:8000/ADONIS16_0/supportinformation"
You can modify the URL to only download log files from a certain time period. In order to do this, add ?logType=<PARAMETER> to the URL. The following parameters that correspond to the package sizes listed above are available: "small", "medium" and "large".
Example
If you are running the web client locally and you want to download log files from the last 24 hours, the URL should look like this:
"http://localhost:8000/ADONIS16_0/supportinformation?logType=small"
Please provide these log files when you contact our support team.
Debug Mode
This page allows you to activate the debug mode. The debug mode influences various details in the behaviour of the application and can be used for error analysis. To open the Debug Mode page:
- Go to Home > More options, and then click Debug Mode.
The following functionalities are available:
Activate Debug Mode
To activate the debug mode:
- Click Activate. Enter a duration and, optionally, a reason. Then, click OK.
The debug mode will automatically deactivate after the selected timespan.
Change Duration
To change the duration of the debug mode:
- Click Change duration. Modify the duration as needed. Then, click OK.
Deactivate Debug Mode
To deactivate the debug mode:
- Click Deactivate.
The debug mode should never be permanently enabled! It is recommended to only activate the debug mode on request of a BOC employee.
Maintenance
This page allows you to enable maintenance mode. Maintenance mode eases the planning of maintenance windows. To open the Maintenance page:
- Go to Home > More options, and then click Maintenance.
To activate or deactivate maintenance mode:
- Click Activate or Deactivate.
When maintenance mode is enabled, no further logins to the web application will be allowed and a corresponding message will be displayed. The Admin Page of the ADONIS web client is excluded from maintenance mode and can still be used.